Hey everyone. I have situation here - I have multiple 3 active directory domain controllers: 1 for top-level domain and 2 for subdomains. I need to configure kerberos authentication via keycloak to my app for users of subdomains. I have already created two ldap user federations, turned on kerberos there and added keytab file. Everything works fine only for that domain, which has first priority in user federation list. If I set same priority for all domains, it show same error (see below) in keycloak logs and user see ‘unknown username or password’ message. Help me configure it please.
15:14:55,047 WARN [org.keycloak.storage.ldap.LDAPStorageProvider] (default task-116) User with username [user1] already exists, but is not linked to provider [ldap_2]